Detecting Abnormal Network Traffic in the Secure Event Management Systems
International Conference on Aerospace Sciences and Aviation Technology
Article 102, Volume 14, AEROSPACE SCIENCES & AVIATION TECHNOLOGY, ASAT - 14 – May 24 - 26, 2011, May 2011, Page 1-15
Document Type: Original Article
DOI: 10.21608/asat.2011.23416
Authors
A. Abd Elmomen (1); A. Bahaa El Din (2); A. Wahdan (3)
(1) Senior Security Engineer, France Telecom – Orange Business Services, Cairo, Egypt.
(2) Ph.D., Computer and System Engineering Department – Faculty of Engineering – Ain Shams University – Cairo, Egypt.
(3) Professor, Computer and System Engineering Department – Faculty of Engineering – Ain Shams University – Cairo, Egypt.
Abstract
State-of-the-art intrusion detection and monitoring systems produce hundreds or even thousands of events every day. Unfortunately, most of these events are false positives or irrelevant and can be considered background noise, which makes their correlation, analysis and investigation very complicated and resource-consuming. This paper attempts to simulate the modeling of background noise using non-stationary time series analysis with a lag-smoothing Kalman filter. It then introduces and compares a second technique that applies a multi-layered perceptron neural network with backpropagation, an approach that is used for the first time in modeling and correlating the background noise. The DARPA dataset is used to analyze and compare both techniques, and finally a verification experiment is conducted using a dataset gathered from a real network environment.
Keywords
Intrusion Detection; Alert Correlation; Time Series Modeling; Kalman Filtering; Neural network